CVE-2017-6931: Settings Tray access bypass

March 1, 2018 (updated October 3, 2019)

In Drupal, the Settings Tray module has a vulnerability that allows users to update certain data that they do not have the permissions for.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6931
nvd.nist.gov/vuln/detail/CVE-2017-6931
www.drupal.org/SA-CORE-2018-001
www.drupal.org/sa-core-2018-001

Code Behaviors & Features

Detect and mitigate CVE-2017-6931 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →